On Sun, Sep 1, 2019 at 1:48 PM Michael Orlitzky <m...@gentoo.org> wrote: > +<subsection> > + <title>Choosing a home directory</title> > + <body> > + <p> > + In most cases, the default home directory (that is, no home > + directory) should be used. GLEP81 changed two aspects of user > + management with respect to home directories: > + </p> > + > + <ol> > + <li> > + Creating a user can now modify the permissions on an existing > + directory. Should the need arise, this is necessary for a new > + version of an <c>acct-user</c> package to be able to fix the > + ownership and permissions of its home directory. > + </li> > + <li> > + All user data aside from the username became non-local to > + ebuilds that depend on that user. This is merely a side-effect > + of moving the user creation out of the client package, and > + into a separate <c>acct-user</c> package. > + </li> > + </ol> > + > + <p> > + The first item means that you should be conservative when > + choosing a home directory. If at all possible, avoid choosing a > + home directory that is used by another package. In particular, > + no two <c>acct-user</c> packages should use the same home > + directory. At best, the ownership and permissions on a shared > + home directory would need to be kept synchronized between all > + packages that share it. At worst, one package goes out-of-sync > + and introduces a security hole for the others who no longer have > + the expected permissions. > + </p> > + > + <p> > + The second item means that if your package requires a user, you > + can no longer be sure of that user's home directory or its > + ownership and permissions. If your package requires a directory > + to be owned and writable by some user, then your package's > + ebuild should create that directory and ensure that it is > + writable by the user. In other words, you should not rely on the > + directory being created "transitively" by a dependency, even if > + that dependency is an <c>acct-user</c> package. 
> + </p>
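Review bot: The last paragraph tells the client ebuild to "create that directory and ensure that it is writable by the user", but does not say whether that directory may be the user's home directory. If it is, the client ebuild and the acct-user package both set ownership and permissions on the same path, which is the same out-of-sync risk the preceding paragraph warns about for two acct-user packages sharing a home directory. Suggest stating that such a directory should be separate from the home directory, with the acct-user package left at the default of no home directory, and naming the ebuild phase in which the client package is expected to create it. Minor wording point in the second paragraph: "the others who no longer have the expected permissions" reads better as "the others, which no longer have the expected permissions".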
I can't really agree with the advice given in this section. If I'm maintaining a package and an associated acct-user package, I'm going to keep the two in sync. I don't see why I should have to create a directory via pkg_postinst when I could allow the acct-user package to do it for me. That the data is "non-local" is irrelevant if I'm maintaining both ebuilds.